Demo Virus For Mac OS X Released
Juha-Matti Laurio writes "Heise Security has a report about a new proof-of-concept virus for Mac, named OSX.Macarena by AV vendor Symantec. Symantec suffered a slight lapse when, in the first version of the virus description, it recommended that users clean the system by deactivating System Restore (Windows ME/XP). The virus is known to infect other data in the folder in which it is started, regardless of extension, says Heise."
Viruses, worms, malware, and OS X (Score:4, Informative)
Anybody can create a virus for OS X, and it will run perfectly. The biggest problem would be how it could spread to other machines.
On Windows, it isn't viruses that plague the platform, but worms, spyware, and adware. All it takes to be infected with a computer virus on any platform is not being vigilant about the data you download. Being infected by spyware and adware, however, depends on the security of the browser, and being infected with a worm depends on the security of the operating system's Internet connectivity.
OS X remains relatively secure because its browser does not have hooks to the shell (unlike older versions of Internet Explorer, although I've read that Internet Explorer 7 has been decoupled from the shell), and because its Unix core isn't susceptible to worms (Unix has come a long way since the worm of 1988). OS X also has a firewall, although I just learned that it isn't enabled by default (but turning it on is easy; they should change the default in OS X 10.5).
A demo virus for OS X or Linux isn't news. No operating system can block the execution of a virus unless the operating system has a list of trusted applications that it knows are virus-free. An operating system can prevent worms with better security, and spyware can be prevented by using a secure browser, but viruses cannot be blocked from execution.
Re:This is on the front page of slashdot why? (Score:3, Informative)
2. "Page count increasing"? Huh? Nothing in that post links to any site that has anything to do with me.
Re:Updated Score (Score:3, Informative)
I've personally analyzed at least three Linux viruses that were found in the wild. And that's not counting the worms.
Re:This is on the front page of slashdot why? (Score:4, Informative)
Viruses take advantage of weak spots in other executable code. Macro viruses exploit a word processor's macro system. Boot sector viruses exploit the computer's boot loader. In every case, though, the virus takes advantage of some already-existing piece of software that executes code automatically, usually without the user's direct control or knowledge.
A worm, OTOH, is its own executable. It's essentially a self-replicating daemon. It does exploit weaknesses in a system's remote-execution code to propagate, but it doesn't require an interpreter. All it has to do is write its executable text to a block of memory, then trigger a fault which causes that block of memory to be treated as an executable.
Automatic propagation is the hallmark of a worm or virus, though. If Macarena can propagate every time someone opens an infected file, it's a virus. If you have to run a specific infection program to attach the payload to other files, it's not a virus, it's just a program that appends unwanted crap to other files.
Re:Technologically Sophisticated (Score:4, Informative)
Bullshit on your bullshit, my good bullshitting sir. You underestimate the amount of bullshit that the Mac will put you through in order to run a bullshit application attachment.
You missed a few steps. In order to simply run the attachment, you need to:
1. Save the archive attachment.
2. Ignore the warning about an "unsafe application" given by Safari or Mail.app.
3. Mount the DMG file or unzip the ZIP file.
4. Still not realize that the dearchived file is not a document despite looking exactly like an application.
5. Run the application.
Okay, so now the user has infected their system. Sort of. Their documents may be infected, but those are useless to the virus. They can't be executed, and the user isn't likely to pack up his
6. Invoke the SUDO app to request elevated privileges.
7. The user would need to enter their password at the prompt.
8. The virus would infect the necessary files to do its dirty work of spreading.
At this point, however, the user is so stupid he belongs in a mental facility. He's already ignored half a dozen explicit and implied warnings that something is wrong, just to ensure that this virus can take over his system! That's one determined user!
Some people may believe that Mac users are really that dumb, but if that were the case then viruses would already run rampant. Instead, we get an impotent "proof of concept" that can't actually spread itself. All it can do is damage your files. For a proof of concept, that's pretty pathetic.
As I've mentioned twice now, that's blatantly incorrect. It can "infect" your documents, but system files require elevated privileges. "Infecting" your documents does nothing more than damage your files, and the virus can't even stay resident (or stop the user from killing it on the Dock!) without a password. So it's effectively impotent and contained unless it can trick the user into giving it his/her password.
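A defender-side check for the trick in steps 3 and 4 above (an executable that has been given a document-style name): this is an added example, not code from the post, from Heise, or from Symantec's analysis. It walks a folder and flags any file whose name ends in a document extension but whose first bytes are a Mach-O magic number; the sample folder is constructed in a temporary directory, and the extension list is an assumption you would tune for your own environment.

```python
import os
import tempfile

# Mach-O magic numbers (32/64-bit, both byte orders) plus the fat/universal header.
# Note: 0xcafebabe is also the Java class-file magic, so expect rare false hits on .class files.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe",                       # FAT_MAGIC (universal binary)
}
# Assumed list of "looks like a document" extensions; extend as needed.
DOCUMENT_EXTENSIONS = {".txt", ".doc", ".pdf", ".rtf", ".jpg", ".mp3"}


def is_macho(path):
    """True if the file starts with a Mach-O (or fat) header."""
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS


def find_disguised_executables(folder):
    """Return files whose extension says 'document' but whose header says Mach-O."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in DOCUMENT_EXTENSIONS and is_macho(path):
                hits.append(path)
    return sorted(hits)


def build_sample_folder():
    """Constructed sample data: a real text file, a Mach-O header disguised as a
    PDF, and an executable with no extension (legitimate, so not flagged)."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "notes.txt"), "wb") as f:
        f.write(b"just a text file\n")
    with open(os.path.join(d, "invoice.pdf"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # 64-bit little-endian Mach-O header only
    with open(os.path.join(d, "tool"), "wb") as f:
        f.write(b"\xfe\xed\xfa\xce" + b"\x00" * 28)  # plain executable, no document extension
    return d


if __name__ == "__main__":
    for hit in find_disguised_executables(build_sample_folder()):
        print("disguised executable:", hit)
```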